[Samba] User permissions of profile/home directory lost

Rowland Penny rpenny at samba.org
Thu Mar 1 08:02:40 UTC 2018 

On Wed, 28 Feb 2018 21:00:24 -0700
"Paul R. Ganci via samba" <samba at lists.samba.org> wrote:

> Hi All,
> 
> I run a small domain for my home that consists just of two user 
> accounts... one for my wife and one for me. I just have a single DC
> and the home and profile shares are located on the DC. For years this
> setup has served just fine giving me access to both linux and windows
> with a unified authentication and file server base.
> 
> However, on Monday around 12 noon MST my wife lost permissions to her 
> home and profile directories on both our Windows 7 Pro and CentOS 6&7 
> systems. If I logged into the DC and did 'getent passwd' her account 
> showed up correctly. A 'ls -lat' command showed that the
> directory/files were owned properly by my wife's account. A getfacl
> showed that the ACLs were exactly like my own account which
> functioned properly. There was absolutely no reason for her to be
> denied permission to her directories or the files contained therein.
> And the permission issue was present even on the DC.
> 
> After struggling with this problem for the past 48 hours I decided to
> do a 'chown -R' on her profile and home directories, even though I
> thought this was silly since other linux commands indicated
> everything was setup correctly. Much to my surprise the 'chown -R'
> command fixed the problem.
> 
> I am at a loss as to what could have possibly occurred to make the DC 
> believe that my wife's account was not the owner of her home and
> profile directory and the files contained in those directories. It
> seems even stranger that on the DC, linux indicated that my wife's
> account owned the files but yet would not grant permission even
> though the ownership and ACLs were correct.
> 
> Everything is well now, albeit for how long I don't know. I would be 
> extremely grateful for any thoughts on what might have occurred and
> how to avoid this issue in the future. My wife's email was lost for
> ~48 hours because a bounce occurred due to the inability of dovecot
> to write to her account's maildir. Needless to say my wife was not
> happy and an unhappy wife ... well I let's just say I would like to
> avoid that in the future.
> 
> Thank you for any insights.

Is this a PDC (NT4-style domain) or an AD DC ?
Either way, I have never heard of anything like this happening before,
perhaps it might help if you post your smb.conf.

Rowland

More information about the samba mailing list